Compliance documentation

Data Processing Agreements

Download the DPA for your jurisdiction. All agreements reflect our zero-storage architecture: documents never leave your browser, no personal data is stored at rest.

UK GDPR

Data Processing Agreement

For UK-based controllers processing under the UK General Data Protection Regulation and Data Protection Act 2018. Includes IDTA provisions for international transfers.

15 sections · Schedule 1 · Schedule 2 (TOMs) · A4

Download PDF

EU GDPR

Data Processing Agreement

For EEA-based controllers processing under Regulation (EU) 2016/679. Incorporates Standard Contractual Clauses (Module Two) for EU-US transfers.

15 sections · Schedule 1 · Schedule 2 · SCC Annex · A4

Download PDF

US CCPA / CPRA

Data Processing Addendum

For US businesses processing under California Consumer Privacy Act, CPRA, and applicable state privacy laws (VCDPA, CPA, CTDPA, UCPA).

16 sections · HIPAA reference · US Letter

Download PDF

Key terms

Common across all agreements

AI training prohibition

SafeRedact and all sub-processors (including Anthropic) are prohibited from using customer data to train, fine-tune, or improve AI models.

Sub-processors

Anthropic (AI classification, SOC 2 Type II, zero retention), Vercel (hosting, SOC 2 Type II), Supabase (auth & metadata, SOC 2 Type II).

Breach notification

Written notification within 72 hours of confirmed personal data breach. Includes nature of breach, categories of data, and remediation steps.

Need a project-scoped DPA for a single engagement, or have questions about specific terms? Contact support@saferedact.app.

Ready to get started?

Tell us about your compliance requirements and we'll scope the right engagement.

Contact Sales Security Architecture →